SqlServerDsc/source/Examples/Resources/SqlServerAuditSpecification/1-AddServerAuditSpecificationAdminAudit.ps1 at fe3a7cf11608dba13c67d171c7eedca3a6cf202b · dsccommunity/SqlServerDsc · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
<#
    .EXAMPLE
        This example shows how to ensure that an audit destination
        is absent on the instance sqltest.company.local\DSC.
#>
Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]
        $SqlAdministratorCredential
    )

    Import-DscResource -ModuleName SqlServerDsc

    node localhost
    {
        SqlAudit SecurityLogAudit_Server
        {
            Ensure               = 'Present'
            ServerName           = 'sqltest.company.local'
            InstanceName         = 'DSC'
            Name                 = 'SecLogAudit'
            LogType              = 'SecurityLog'
            Enabled              = $true
            PsDscRunAsCredential = $SqlAdministratorCredential
        }

        SqlServerAuditSpecification 'ServerAuditSpecification_AdminAudit'
        {
            Ensure                              = 'Present'
            ServerName                          = 'sqltest.company.local'
            InstanceName                        = 'DSC'
            Name                                = 'AdminAudit'
            AuditName                           = 'SecLogAudit'
            Enabled                             = $true
            AuditChangeGroup                    = $true
            BackupRestoreGroup                  = $true
            DatabaseObjectChangeGroup           = $true
            DatabaseObjectOwnershipChangeGroup  = $true
            DatabaseObjectPermissionChangeGroup = $true
            DatabaseOwnershipChangeGroup        = $true
            DatabasePermissionChangeGroup       = $true
            DatabasePrincipalChangeGroup        = $true
            DatabasePrincipalImpersonationGroup = $true
            DatabaseRoleMemberChangeGroup       = $true
            SchemaObjectChangeGroup             = $true
            SchemaObjectOwnershipChangeGroup    = $true
            SchemaObjectPermissionChangeGroup   = $true
            ServerObjectChangeGroup             = $true
            ServerObjectOwnershipChangeGroup    = $true
            ServerObjectPermissionChangeGroup   = $true
            ServerOperationGroup                = $true
            ServerPermissionChangeGroup         = $true
            ServerPrincipalChangeGroup          = $true
            ServerPrincipalImpersonationGroup   = $true
            ServerRoleMemberChangeGroup         = $true
            ServerStateChangeGroup              = $true
            TraceChangeGroup                    = $true
            DependsOn                           = '[SqlAudit]SecurityLogAudit_Server'
            PsDscRunAsCredential                = $SqlAdministratorCredential
        }
    }
}